The data controller responsible for the processing of personal data is:
Sławomir Gierek
Strumiany 121
32-002 Węgrzce Wielkie
slav@visionvelo.eu
Thank you for your interest in our online store. The protection of your privacy is of great importance to us. Below you will find detailed information regarding the handling of your data.
1. Access data and hosting
Our websites can be visited without providing personal data. In the case of each access to our website, the server automatically records only the so-called server logs, such as the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting internet service provider (access logs), and documents the access to the website. This data is analyzed solely for the purpose of ensuring the proper functioning of our website and improving our offer. The above serves, in accordance with Art. 6(1)(f) of the GDPR, to protect our legitimate interests, consisting of the optimal and proper presentation of our websites and offerings.
Hosting
All access data will be deleted no later than seven days after the end of your visit to our website.
The hosting and display services of our website are partially provided on our behalf by our service providers as data processors. Unless otherwise stated in this privacy policy, all access data and data collected in the designated forms on our website will be processed on their servers. If you have any questions regarding our service providers and the basis of our cooperation with them, please contact us. Our contact information can be found in the “Our Contact Information and Your Rights” section.
2. Collection and processing of data for the purpose of contract performance and communication
2.1 Processing of data for the purpose of contract performance.
We process voluntarily provided personal data submitted by you during the order placement for the purpose of contract performance (including inquiries regarding warranty claims or guarantees and obligations to inform about necessary updates). The legal basis for this processing is Article 6(1)(b) of the GDPR. Mandatory fields are marked as such because they concern data necessary for order fulfillment, and without providing them, we cannot fulfill the order. The types of data collected directly result from the forms in which the data is entered.
Further information regarding the processing of your data, especially regarding the transfer of data to our service providers for the purpose of order fulfillment, payment, and shipping, can be found in subsequent sections of this privacy policy. After the contract has been fulfilled, the processing of your data will be restricted, and after the periods of storage required by tax and accounting regulations, this data will be deleted (Article 6(1)(c) of the GDPR), unless you give explicit consent (Article 6(1)(a) of the GDPR) for further use of this data for other purposes, or unless we reserve the right to further use it in legally permissible circumstances, which will be indicated in this privacy policy.
2.2 Customer account
If you provide your consent in accordance with Article 6(1)(a) of the GDPR to create a customer account, we will process your personal data necessary for this purpose. They will also be used for future orders on our website. Your customer account can be deleted at any time. To do so, please send a message to our contact address indicated in the “Our Contact Details and Your Rights” section or use the appropriate function in the customer account settings. After your customer account is deleted, the processing of your data will be restricted, and after the storage periods specified in tax and accounting regulations expire, your data will be deleted (Article 6(1)(c) of the GDPR), unless you provide explicit consent (Article 6(1)(a) of the GDPR) for further use of that data or we reserve the right to further use the data for other purposes in accordance with applicable legal provisions, as stated in this privacy policy.
2.3 Processing of data for comunication purposes
As part of communication with the client, we process personal data for the purpose of handling your inquiries (Art. 6(1)(b) of the GDPR). You voluntarily provide us with this data when contacting us (e.g., through a contact form or email). Mandatory fields are marked as such because they concern data necessary for processing the inquiry. The specific data collected directly depend on the forms through which the data is submitted. Once your inquiry has been fully processed, your data will be deleted unless you provide explicit consent (Art. 6(1)(a) of the GDPR) for further use of the data for other purposes, or we reserve the right to further process the data in accordance with legally permissible cases, as stated in this privacy policy.
3. Processing of data for the purpose of order fulfillment
In order to fulfill the contract (Art. 6(1)(b) of the GDPR), we will transfer your data to the selected shipping company, which has been entrusted with the delivery of the ordered products.
4. The processing of data for the purpose of payment processing
In order to process payments in our online store, we cooperate with external service providers handling electronic online payments and we transfer your data to the selected payment processing company as chosen by you during the order placement process. This is done to fulfill the contract (Article 6(1)(b) of the GDPR).
Processing data for the purpose of preventing abuse and optimizing payments
In certain situations, we may provide our service providers with additional information that they may use in conjunction with the necessary information to process payments. These service providers act as data processors on our behalf and provide us with services related to fraud prevention and payment optimization (such as invoicing, analysis of rejected payments, and accounting support). Pursuant to Article 6(1)(f) of the GDPR, this serves the legitimate interests of protecting against fraud and misconduct and effectively managing payments.
5. Marketing channels: email
If you subscribe to our newsletter, based on your consent (Art. 6(1)(a) of the GDPR), we will use the data provided by you to regularly send our newsletter electronically.
Unsubscribing from the newsletter is possible at any time. To do so, please send a message to our contact address indicated in the “Our contact details and your rights” section or use the unsubscribe link provided in the newsletter. After unsubscribing from the newsletter, we will delete your email address unless you give explicit consent (Art. 6(1)(a) of the GDPR) for further use of the data for other purposes or unless we reserve the right to continue using the data in accordance with applicable laws, as stated in this privacy policy.
The newsletter is sent as part of data processing entrusted to us by an external service provider. If you have any questions regarding our service providers and the basis of our cooperation with them, please contact us. You will find our contact details in the “Our contact details and your rights” section.
Sending an invitation to leave a review on a purchase.
If you have provided your consent during or after placing an order (Art. 6(1)(a) of the GDPR), we will use your email address to send you an electronic invitation to review the purchase made in our store. The review process is conducted through our review system. You can withdraw your consent at any time by sending a message informing us of the withdrawal of consent to our contact address provided in the “Our Contact Information and Your Rights” section. Alternatively, you can also use the unsubscribe link included in the invitation email to opt out of receiving further review invitations.
Invitations to leave reviews are sent by our service provider Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany (“Trusted Shops”). As part of sending these invitations, we receive information from Trusted Shops regarding the status (e.g., whether the review invitation has been sent and whether it has been delivered to the recipient). This is done in accordance with Art. 6(1)(f) of the GDPR to fulfill our legitimate interest in receiving information about review invitations for the purpose of optimizing our processes as well as to fulfill Trusted Shops’ legitimate interest in providing this service.
We are jointly responsible with Trusted Shops for sending review invitations, as well as for collecting and displaying information regarding reviews, ratings, or status.
As part of this joint responsibility between us and Trusted Shops, if you have any questions regarding the protection of your data or wish to exercise your rights, please contact Trusted Shops. Contact information is available at following website. You will also find further information about data protection at Trusted Shops. However, you can always contact us directly as well. If necessary, your inquiry will be forwarded to Trusted Shops, which shares responsibility for data processing.
6. Cookie files and similar technologies
General information
To enhance your experience on our website and enable you to use its key features, we use technological tools, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some cookies used by us are deleted after the end of your web browser session, i.e., when you close it (session cookies). Other cookies are stored on your end device and allow us to recognize your browser on your next visit to the website (persistent cookies).
Protection of end devices’ privacy
During the use of our online services, we utilize technologies that are absolutely necessary to ensure proper and optimal utilization of essential features of our website. In this regard, storing information on the user’s end device or accessing information that is already stored on their end device does not require the user’s consent.
In the case of functions that are not absolutely necessary, storing information on the user’s end device or accessing information already stored on their end device requires the user’s consent. It should be noted that, in the absence of consent, certain functions or elements of the website may not be fully available. Any consent given by the user remains valid until withdrawn, configured settings, or reset of relevant settings on the end device.
Other cases of data processing using cookies and other technologies
We use technologies that are absolutely necessary to ensure the proper and optimal functioning of essential features of our website (e.g., shopping cart function). These technologies process data such as your IP address, time of visit, information about your device and browser, as well as information about your use of our website (e.g., contents of the shopping cart). This processing is carried out in accordance with Article 6(1)(f) of the GDPR to fulfill our legitimate interest in the optimal presentation of our offerings.
Additionally, we also use technological tools to fulfill our legal obligations (e.g., to demonstrate obtaining consent for the processing of your personal data) as well as for web analytics and online marketing purposes. Further information on this, including the relevant legal bases for data processing, can be found in subsequent sections of this privacy policy.
In the browser’s help menu, you will find explanations on how to change cookie settings. They are available through the following links:Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
If you have given us your consent for the use of specific technological tools (art. 6(1)(a) GDPR), you can withdraw it at any time. To withdraw your consent, please contact us using the contact address provided in the “Our Contact Details and Your Rights” section.
7. The use of cookies and similar technological tools
If you have given your consent to this (Art. 6(1)(a) of the GDPR), we use the following cookies and similar technological tools provided by external service providers on our website. Once the purpose of processing has been achieved and the use of a particular technological tool has ended, the data collected through the use of these tools will be deleted. The consent given by you can be withdrawn at any time. Detailed information on the options for withdrawing consent and your right to object can be found in the “Cookies and Similar Technologies” section. Further information can be found on the websites of the respective service providers. If you have any questions regarding our service providers and the basis of our cooperation with them, please contact us. Contact details can be found in the “Our Contact Details and Your Rights” section.
Utilizing Google services
Google Analytics
We use the following technological tools provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Information collected automatically by Google’s technologies regarding the use of our website is usually transferred to and stored on Google LLC’s servers at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The European Commission has not issued an adequacy decision for the USA regarding data protection. Our cooperation is based on the standard contractual clauses adopted by the European Commission. Unless otherwise specified for specific Google technologies described in this privacy policy, data processing is carried out under a joint data processing agreement with Google in accordance with Article 26 of the GDPR. Further information regarding the processing of data by Google can be found in Google’s privacy policy.privacy policy on Google’s website..
For the purpose of analyzing the usage of our website, we utilize Google Analytics, a web analytics tool provided by Google. Google Analytics automatically processes your data (IP address, time of visit, information about your device and browser, and usage information of our website) and creates pseudonymous user profiles based on this data. Cookies may be used for this purpose. When a user visits our website from within the EU territory, their IP address is stored on a server located within the EU to obtain location data, and then immediately deleted before the traffic is redirected to further Google servers. The processing of data within the Google Analytics service is based on a data processing agreement concluded with Google.
8. Integration with Trusted Shops Trustbadge and other widgets
To display Trusted Shops services (such as quality seal, collected reviews) and offer Trusted Shops products to buyers after placing an order, Trusted Shops widgets are integrated with our website.
The above serves, in accordance with Article 6(1)(f) of the GDPR, to fulfill our legitimate interest of optimally marketing our offer by enabling secure online shopping. Trustbadge and the services advertised through it constitute an offer by Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany (hereinafter referred to as “Trusted Shops”), with whom we jointly assume responsibility for the protection of co-administered data in accordance with Article 26 of the GDPR. We hereby inform you about the essential content of the joint agreements between the co-administrators (Article 26(2) of the GDPR).
As part of the joint responsibility between us and Trusted Shops AG, in case of any inquiries regarding data protection and the exercise of your rights, please contact Trusted Shops using the contact information provided in privacy policy of Trusted Shops company. However, you may always contact your chosen data co-controller directly. Your inquiry or request will be forwarded to the other co-controller if necessary for processing or response.
8.1 Processing of data within the integration of Trustbadge and other widgets
Trustbadge is provided by an American content delivery network (CDN) provider. The appropriate level of data protection is ensured through standard data protection clauses and additional contractual agreements.
When Trustbadge is called, the web server automatically saves a so-called server log file, which also includes your IP address, date and time of the call, amount of data transferred, and the requesting provider (access data), and documents the call. The IP address is anonymized immediately after retrieval, so that the stored data cannot be assigned to a specific person. The anonymized data is used, in particular, for statistical purposes and error analysis.
8.2 Processing of data after placing an order.
If you have given your consent, after placing an order, Trustbadge obtains access to order-related information stored on your end device (order amount, order number, and, if applicable, the purchased product), as well as your email address used during the order process. The email address is hashed using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops along with the order information, in accordance with Article 6(1)(a) of the GDPR.
This is done to verify whether you are already registered in the Trusted Shops AG system for using Trusted Shops services for buyers. If you are already registered, further processing of data is carried out in accordance with agreement concluded between you and Trusted Shops. If you are not registered or do not consent to automatic recognition of registration using Trustbadge, you will have the opportunity to register manually in order to use the services or secure your purchase within an existing user agreement.
For this purpose, after placing an order in the store, Trustbadge gains access to the following information stored on your end device: order total, order number, and email address. This is necessary in order for us to offer buyer protection. The aforementioned data is transmitted to Trusted Shops only when you actively decide to avail yourself of buyer protection by clicking on the appropriately designated button in the so-called Trustcard. If you choose to use these services, further processing of the data is based on the agreement concluded with Trusted Shops (Art. 6(1)(b) of the GDPR) for the purpose of registering buyer protection and securing your order, as well as to allow you to receive email invitations to provide feedback on your purchase.
Trusted Shops utilizes service providers for hosting and log monitoring purposes. The legal basis for such processing is Article 6(1)(f) of the GDPR, and the legitimate interest lies in ensuring the smooth operation of our websites. As a result, data processing may also take place in third countries (USA and Israel). Adequate data protection levels have been ensured in the case of the USA through the implementation of standard data protection clauses and additional contractual measures. For Israel, an adequacy decision confirming an adequate level of data protection is in place. Further information can be found here.
9. Social media
Our activiti in social media: Facebook, Instagram, Youtube, LinkedIn
JIf you have given consent to a specific social media platform in this regard (Article 6(1)(a) of the GDPR), when visiting our account/profile on the aforementioned social media platforms, your data will be automatically collected and stored for web analytics and marketing purposes. Pseudonymized user profiles are created based on this data. These profiles may be used, for example, to display personalized advertisements within and outside of the social media platforms, which are likely to correspond to your interests. This is typically achieved through the use of cookies.
Further information regarding the processing and use of your data by individual social media platforms, as well as information about your rights and configuration options regarding privacy settings, and contact details for submitting inquiries, are described in the linked privacy policies of the respective social media platforms. If you require assistance in this regard, you may also contact us.
Facebook (by Meta) is a social media platform offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information regarding your activities and use of our fan page on Facebook (by Meta) is generally transmitted to the server of Meta Platforms Ireland, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. With regard to the USA, the European Commission has not issued an adequacy decision determining an adequate level of data protection. Our collaboration is based on the standard contractual clauses adopted by the European Commission. The processing of data during visits to the fan page on Facebook (by Meta) is carried out in accordance with Article 26 of the GDPR based on the joint agreements of the co-controllers, which are available for review here. Further information regarding the processing of your personal data during visits to the fan page on Facebook (information regarding page insights) is available here.
Instagram (by Meta) is a social media platform offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information regarding your activity and usage of our fan page account on Instagram is typically transmitted to the server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. The European Commission has not issued a decision determining an adequate level of data protection for the USA. Our cooperation is based on the standard data protection clauses adopted by the European Commission. The processing of data during visits to the fan page account on Instagram (by Meta) is carried out in accordance with Article 26 of the General Data Protection Regulation (GDPR) based on the joint agreements of the co-administrators. Further information regarding the processing of your personal data during visits to the fan page on Facebook (information regarding page insights) is available here.
YouTube is a social media platform offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Automatically processed information regarding your activity and usage of our profile on YouTube is generally transmitted to the server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. The European Commission has not issued a decision determining an adequate level of data protection for the USA. Our cooperation is based on the standard data protection clauses adopted by the European Commission.
LinkedIn is a social media platform offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Automatically processed information regarding your activity and usage of our profile on LinkedIn is generally transmitted to the server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there. The European Commission has not issued a decision determining an adequate level of data protection for the USA. Our cooperation is based on the standard data protection clauses adopted by the European Commission.
10. Our contact details and Your rights
10.1 Your rights
Individuals whose data is processed have the following rights:
- In accordance with Article 15 of the GDPR, the right to obtain information about the processing of data to the extent specified in this article.;
- In accordance with Article 16 of the GDPR, the right to rectify your inaccurate or incomplete personal data.
- In accordance with Article 17 of the GDPR, the so-called “right to be forgotten,” which entitles you to have your personal data erased from our records if further processing is not necessary.
- the right to freedom of expression and information;
- the right to fulfill a legal obligation;
- due to reasons of public interest;
- the right to establish, investigate, or defend claims;
- according to Article 18 of the GDPR: the right to restrict the processing of personal data, provided that:
- the accuracy of these personal data is contested by you;
- the processing is unlawful, and you oppose the erasure of the data;
- we no longer need the personal data, but you need them for the establishment, exercise, or defense of legal claims;
- you have lodged an objection, pursuant to Article 21, against the processing of data;
- in accordance with Article 20 of the GDPR, you have the right to receive the personal data provided to us in a structured, commonly used, machine-readable format, and have the right to transmit those data to another controller;
- in accordance with Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office – UODO).
Right to object If we process personal data for the purpose of protecting our legitimate interests as described in this privacy policy, you have the right to object to the processing of your data for this purpose.– with effect for the future, if the processing is carried out for the purposes of direct marketing, you have the right to object at any time. If the processing is carried out for other purposes, you have the right to object only on grounds relating to your particular situation. After you exercise your right to object, we will not continue processing your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims. The preceding sentence does not apply when the processing of data is carried out for direct marketing purposes. In such cases, upon your objection, we will always cease further processing of your personal data. |
10.2 Contacting Us
In case of any questions regarding the collection, processing, and use of your personal data, as well as if you wish to request information, correction, restriction of processing, deletion of data, or if you want to withdraw your consent or object to the use of certain data, please contact the data controller directly as indicated at the beginning of this privacy policy.